npm-git-install
Fail
Audited by Snyk on Mar 11, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill explicitly shows and instructs embedding Personal Access Tokens directly in git HTTPS URLs (and even includes a ghp_ token placeholder), which encourages the LLM to emit secret values verbatim in commands — an unsafe credential-handling pattern.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs installing packages directly from GitHub via git+https/git+ssh URLs (e.g., "npm install git+https://github.com/...") and notes that the workflow will git-clone and run package prepare scripts, meaning the agent/runtime would fetch and execute arbitrary, user-generated repository content from GitHub.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill contains explicit runtime install commands that fetch and run remote repository code (e.g., npm install git+https://github.com/JEO-tech-ai/supercode.git#main), which causes a git clone and may run package prepare/build scripts—thus fetching and executing remote code at runtime.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The guide instructs global npm installs that write to system locations (e.g., /usr/local), includes sudo commands (sudo chown, sudo apt-get install git) and steps that modify system-level files and credentials, so it can change the machine state and requires elevated privileges.
Issues (4)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.
Audit Metadata